PIX NAT problem

Everything was working and all of a sudden, I can't browse the Internet.  Noticed that
workstations couldn't ping the PIX and the PIX couldn't ping the
workstations, but the PIX can ping the world.  I've looked at the config and the
NAT seems to be there.  I even added an access-list to permit any any with no
luck.  Please help.

PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password *************** encrypted
passwd ************* encrypted
hostname MyHostName
domain-name mydomain.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 66.192.47.114 Ans
access-list 160 permit ip 192.168.60.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list 161 permit ip 192.168.60.0 255.255.255.0 192.168.61.0 255.255.255.0
access-list 100 permit ip 192.168.60.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list 100 permit ip 192.168.60.0 255.255.255.0 192.168.61.0 255.255.255.0
access-list 100 permit ip 192.168.60.0 255.255.255.0 192.168.70.0 255.255.255.0
access-list outside_cryptomap_40 permit ip 192.168.60.0 255.255.255.0 192.168.70.0 255.255.255.0
pager lines 24
logging monitor informational
mtu outside 1500
mtu inside 1500
ip address outside 66.71.212.181 255.255.255.128
ip address inside 192.168.60.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.60.10 255.255.255.255 inside
pdm location 76.44.56.18 255.255.255.255 outside
pdm location 10.1.0.0 255.255.0.0 outside
pdm location 192.168.61.0 255.255.255.0 outside
pdm location 192.168.70.0 255.255.255.0 outside
pdm location Ans 255.255.255.255 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit ip any any
route outside 0.0.0.0 0.0.0.0 66.71.212.129 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 76.44.56.18 255.255.255.255 outside
http 192.168.60.10 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set franklin esp-3des esp-md5-hmac
crypto map myhostname 10 ipsec-isakmp
crypto map myhostname 10 match address 160
crypto map myhostname 10 set peer 70.150.159.18
crypto map myhostname 10 set transform-set franklin
crypto map myhostname 20 ipsec-isakmp
crypto map myhostname 20 match address 161
crypto map myhostname 20 set peer 65.41.70.144
crypto map myhostname 20 set transform-set franklin
crypto map myhostname 40 ipsec-isakmp
crypto map myhostname 40 match address outside_cryptomap_40
crypto map myhostname 40 set peer 72.16.95.115
crypto map myhostname 40 set transform-set franklin
crypto map myhostname interface outside
isakmp enable outside
isakmp key ******** address 76.44.56.18 netmask 255.255.255.240
isakmp key ******** address 78.122.41.115 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 66.72.44.144 netmask 255.255.255.128
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet Ans 255.255.255.255 outside
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 30
management-access inside
console timeout 0
terminal width 80
Cryptochecksum:***********************
: end



Re: PIX NAT problem

Config looks just fine. Is it a 501? Could you be out of licenses? Post a
show xlate, show local host and show conn


Re: PIX NAT problem

License is ok, rest is empty.  Cleared crypto seems to fix it...



Re: PIX NAT problem
There may be a physical or logical break between the PIX and your LAN
switch. You may also try reloading it - if this fixes it consider
upgrading to 6.3.5.

Brian V wrote: